From bfef95f5ec06ae9450815f5044c5fa7217731df6 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 13 Jun 2024 13:04:43 +0200 Subject: [PATCH] fix: sync redis and rabbitmq secrets only if they exist --- .../host-manifests/sync-rabbitmq-secrets.yaml | 27 ++++++++++++++----- .../host-manifests/sync-redis-secrets.yaml | 27 ++++++++++++------- 2 files changed, 38 insertions(+), 16 deletions(-) diff --git a/resources/atlantis/host-manifests/sync-rabbitmq-secrets.yaml b/resources/atlantis/host-manifests/sync-rabbitmq-secrets.yaml index ac46ee43..774b74fa 100644 --- a/resources/atlantis/host-manifests/sync-rabbitmq-secrets.yaml +++ b/resources/atlantis/host-manifests/sync-rabbitmq-secrets.yaml @@ -11,7 +11,7 @@ spec: apiVersion: v1 kind: Secret name: '{{ request.object.metadata.name }}' - namespace: atlantis + namespace: '{{ request.object.metadata.namespace }}' synchronize: true clone: name: prod-rabbitmq @@ -23,14 +23,20 @@ spec: - Secret names: - prod-rabbitmq - namespaces: - - rabbitmq + exclude: + any: + - resources: + kinds: + - Secret + selector: + matchLabels: + generate.kyverno.io/clone-source: "" - name: sync-staging-rabbitmq-secret generate: apiVersion: v1 kind: Secret - name: staging-rabbitmq - namespace: '{{ request.object.metadata.name }}' + name: '{{ request.object.metadata.name }}' + namespace: '{{ request.object.metadata.namespace }}' synchronize: true clone: name: staging-rabbitmq @@ -39,10 +45,17 @@ spec: any: - resources: kinds: - - Namespace + - Secret + names: + - staging-rabbitmq + exclude: + any: + - resources: + kinds: + - Secret selector: matchLabels: - vcluster.loft.sh/label-*: sync-staging-rabbitmq-secret + generate.kyverno.io/clone-source: "" - name: add-rabbitmq-connstring mutate: patchStrategicMerge: diff --git a/resources/atlantis/host-manifests/sync-redis-secrets.yaml b/resources/atlantis/host-manifests/sync-redis-secrets.yaml index c2d876f6..3f18e9a0 100644 --- a/resources/atlantis/host-manifests/sync-redis-secrets.yaml +++ b/resources/atlantis/host-manifests/sync-redis-secrets.yaml @@ -11,7 +11,7 @@ spec: apiVersion: v1 kind: Secret name: '{{ request.object.metadata.name }}' - namespace: atlantis + namespace: '{{ request.object.metadata.namespace }}' synchronize: true clone: name: prod-redis @@ -23,14 +23,20 @@ spec: - Secret names: - prod-redis - namespaces: - - redis + exclude: + any: + - resources: + kinds: + - Secret + selector: + matchLabels: + generate.kyverno.io/clone-source: "" - name: sync-staging-redis-secret generate: apiVersion: v1 kind: Secret - name: staging-redis - namespace: '{{ request.object.metadata.name }}' + name: '{{ request.object.metadata.name }}' + namespace: '{{ request.object.metadata.namespace }}' synchronize: true clone: name: staging-redis @@ -39,12 +45,15 @@ spec: any: - resources: kinds: - - Namespace + - Secret names: - - "vcluster-009dba7e-*" + - staging-redis + exclude: + any: - resources: kinds: - - Namespace + - Secret selector: matchLabels: - vcluster.loft.sh/label-*: sync-staging-redis-secret + generate.kyverno.io/clone-source: "" +